Privacy, security and GDPR

Overview

The Privacy, security and GDPR page allows you to configure Ortto’s global security, privacy, and General Data Protection Regulation (GDPR) settings.

Accessing privacy, security and GDPR

To access the privacy, security and GDPR page, go to Settings > Privacy, security and GDPR

Managing privacy, security and GDPR

The privacy, security and GDPR page allows users to:

• Configure app authentication.
• Enable goole reCAPTCHA.
• Set up two-step authentication (2FA).
• Enable tracking opt-in form.
• View policy documents.
• Learn more about data hosting.

Saving changes

Click the Save button located at the bottom of the page to confirm and apply your changes.

App authentication

App authentication settings in Ortto allow you to control how users sign in to their accounts. Here’s how you can set it up:

1. Any authentication method (Default): Users can login using any globally configured authentication method.
2. Google Single-Sign-On enforced: Forces all users to login with their Google account.
3. Microsoft Single-Sign-On enforced: Forces all users to login with their Microsoft account.
   1. Learn more about Microsoft single-sign-on.
4. Okta Single-Sign-On enforced (Limited availability): Forces all users to login with their Okta account. Requires additional setup in OKTA.
   1. This feature is available to Ortto customers on Enterprise plans.
   2. Learn more about setting up Okta single-sign-on for Ortto.

Google reCAPTCHA

Integrate Google’s reCAPTCHA feature seamlessly into Ortto’s capture widgets on your business' websites by following these steps:

1. Register your website/s on Google reCAPTCHA’s Admin console, selecting reCAPTCHA v2 and the appropriate options.
2. After registration, visit Google reCAPTCHA’s Adding reCAPTCHA to your site page.
3. Copy the Site key provided and paste it into the corresponding field in the Ortto interface.
4. Copy the Secret key provided and paste it into the Ortto interface’s Secret key field.

These steps will enable Google reCAPTCHA to enhance security on your Ortto capture widgets effectively.

Two-step authentication (2FA)

Two-step authentication (2FA) enhances the security of your Ortto account by requiring users to verify their identity with a second factor during login. Here’s how you can configure it:

1. Optional (Default): Users can sign in with or without using two-factor verification.
2. Required: Users must use two-factor verification to sign in. Each user can configure this in their Profile settings.

Tracking opt-in form

The Tracking opt-in form in Ortto allows you to control Ortto’s cookie-based tracking feature, ensuring compliance with the General Data Protection Regulation (GDPR).

• GDPR applies to companies and entities within the EU that handle personal data, as well as those outside the EU handling data of EU residents.
• To meet GDPR standards, Ortto provides a user-driven opt-in form that appears on your business' websites. This form enables users to consent to Ortto tracking their activities through cookies.

Enabling this feature helps ensure that Ortto's tracking practices align with GDPR requirements, providing transparency and user control over their personal data.

Policies, documents and GDPR addendum

Ortto’s GDPR Addendum for customers is available for download in this section.

Additionally, you can view other important documents such as:

• Terms and conditions.
• Privacy policy.
• GDPR.

Data hosting

Ortto hosts data according to your signup selection: United States (default), European Union, or Australia. This section displays the region you chose during signup.

• Learn more about data hosting.

If you use Ortto's API, the region where your data is hosted determines the specific API endpoint you should use.

• Learn more in our developer guide.